Quorum onQ appliance gives ransomware recovery a 'shot'

At a time of increased ransomware activity and heightened awareness, Quorum has launched an appliance designed to recover from an attack.

The Quorum onQ Ransomware Edition, which became generally available today, takes snapshots of servers and provides server-level recovery.

“It’s the first vendor we’ve seen put out a product specifically to address a ransomware problem,” said George Crump, founder and president of analyst firm Storage Switzerland.

Rise up, time to take a snapshot

Ransomware has been prevalent for some time now, but made international headlines in May when the WannaCry strain simultaneously hit 300,000 machines in 150 countries.

Quorum onQ Ransomware Edition works alongside a company’s main backup system. The Quorum appliance takes snapshots of production servers. Customers decide the intervals of the snapshots, which are encrypted and saved to the appliance as virtual machine (VM) images. If there is a ransomware attack, IT can isolate the affected system and use the last known good snapshot to start up the VM copy.

The product serves as a “second layer” of protection, said Quorum systems engineer Jason Snook. The recovery point objective (RPO) can be as little as 15 minutes, but most organizations will set the snapshot frequency to an hour, Snook said. The more frequent the snapshots, the greater the drag on performance, so organizations will have to balance their RPO needs against performance impact.

Crump said he generally recommends 30-minute RPOs.

“An hour is better than a day, but 30 minutes is better than an hour,” Crump said.

Ball in the servers’ court

Quorum onQ Ransomware Edition protects up to 15 servers. It can restore one or two of those servers immediately after an incident, offering what the vendor calls “one-click instant recovery.” The ransomware appliance provides server-level restores rather than file-level restores. When customers restore thousands of files, they’re not always sure what they’re restoring and the process can take too long, Quorum’s Snook said.

“The ability to just spin up a server, especially in the ransomware case, is very interesting,” Crump said.

Quorum onQ Ransomware Edition creates bootable snapshots of production servers that can be used in the event of a ransomware attack.

Quorum’s failback options include incremental and full bare-metal recovery. While the recovery nodes are running, an organization can begin the bare-metal recovery failback using Quorum’s custom ISO. The ISO can be used to boot a physical or virtual machine from any supported ISO media, and will show users a screen that will walk them through the process.

The appliance contains 22 TB of storage and 64 GB of RAM, and is built on the same technology as the Quorum onQ enterprise backup and disaster recovery platform.

The Quorum onQ Ransomware Edition is priced at $15,000 for 15 servers and maintenance.

The product is similar to Quorum’s full backup and disaster recovery offering, but it’s cheaper and captures data more frequently, Crump said.

As organizations are often reactive, Crump said the next time there’s a large-scale ransomware attack, like WannaCry, he expects a sales spike for the new product.

Crump said he would like to see Quorum add the ability to copy data offsite from the Quorum onQ Ransomware Edition appliance.